What is the CVSS score of CVE-2026-24857?

CVE-2026-24857 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Industrial are affected by CVE-2026-24857?

A critical vulnerability (CVSS 9.8) in bulk_extractor's RAR file handling allows remote code execution through specially crafted RAR archives.

Is there a public PoC exploit available for CVE-2026-24857?

Yes, a public proof-of-concept exploit is available for CVE-2026-24857. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-24857?

Within 24 hours: Identify all systems running bulk_extractor versions 1.4 and later and restrict their network access. Within 7 days: Disable RAR file processing capability or isolate affected systems from production networks; contact the vendor for patch timeline. Within 30 days: Implement application whitelisting to prevent bulk_extractor execution from untrusted sources and establish a mandatory patch deployment process upon vendor release.

Industrial CVE-2026-24857

CRITICAL

Heap-based Buffer Overflow (CWE-122)

2026-01-28 security-advisories@github.com

Industrial Memory Corruption Denial Of Service Bulk Extractor Suse

9.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SUSE

CRITICAL

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 09, 2026 - 16:47 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 22:15 nvd

CRITICAL 9.8

DescriptionGitHub Advisory

bulk_extractor is a digital forensics exploitation tool. Starting in version 1.4, bulk_extractor’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in Unpack::CopyString, leading to a crash under ASAN (and likely a crash or memory corruption in production builds). There's potential for using this for RCE. As of time of publication, no known patches are available.

AnalysisAI

bulk_extractor digital forensics tool starting from version 1.4 has a heap buffer overflow in its embedded unrar code that can be triggered by crafted RAR archives.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious RAR archive

Delivery

Embed RAR in disk image

Exploit

bulk_extractor processes image

Execution

Trigger heap buffer overflow in PPM LZ decoder

Persist

Out-of-bounds write in CopyString

Impact

Memory corruption or code execution

Access

Craft malicious RAR archive

Delivery

Embed RAR in disk image

Exploit

bulk_extractor processes image

Execution

Trigger heap buffer overflow in PPM LZ decoder

Persist

Out-of-bounds write in CopyString

Impact

Memory corruption or code execution

Vulnerability AssessmentAI

Exploitation	bulk_extractor version 1.4 or later processing a disk image containing a specially crafted RAR file with malformed PPM LZ compressed data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.8 with PoC. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A suspect's hard drive contains a crafted RAR file. When a forensic analyst runs bulk_extractor on the disk image, the RAR processing triggers the heap overflow, compromising the forensic workstation and potentially tainting the investigation.
Remediation	Update bulk_extractor. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running bulk_extractor versions 1.4 and later and restrict their network access. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical

CVE-2026-24857 vulnerability details – vuln.today

Back

Industrial CVE-2026-24857

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code